nuxt-community / auth-module

Zero-boilerplate authentication support for Nuxt 2
https://auth.nuxtjs.org
MIT License
1.93k stars 925 forks

Sanctum Providers : does not persist CSRF Token through requests #1355

Closed vwasteels closed 2 years ago

vwasteels commented 2 years ago

Version

module: 5.0.0 nuxt: 2.15.8

Nuxt configuration

    axios: {
      proxy: true,
      credentials: true,
      debug: process.env.DEBUG,
    },

    // NOTE: proxy is used to prevent CORS issues during development
    proxy: {
      '/api': {
        target: process.env.API_DOMAIN,
        pathRewrite: { '^/api': '/' }
      }
    },

    auth: {
      strategies: {
        laravelSanctum: {
          provider: 'laravel/sanctum',
          url: '/api',
        }
      },
    },

Reproduction

What is expected?

POST on /login should reach API correctly

What is actually happening?

It returns a 419 with Exception: CSRF token mismatch.

Steps to reproduce

I followed this issue for more documentation: https://github.com/nuxt-community/auth-module/issues/1164#issuecomment-839199946

First call to /csrf-cookie works well and returns 2 cookies on domain .indivisible.test

2nd call to the login endpoint, triggered this way:

    this.$auth.loginWith('laravelSanctum', {
        data: {
          email: 'someone@email.com',
          password: 'somepassword'
        }
      })

returns a 419 with Exception: CSRF token mismatch.

with no Cookie present in the Request Headers, which seems normal since the previous SET-COOKIE was calling a different domain than localhost, but then, how is it supposed to work?

On the Laravel side :

Thanks a lot for your help, I'm very stuck on this!!

vwasteels commented 2 years ago

Any thoughts on this? I am still stuck :( Thank you anyway

T-Zahil commented 2 years ago

Any news? :/

vwasteels commented 2 years ago

Yes, I made it work by adding an nginx proxy to serve Nuxt on the same top-level domain as the API.

This reading helped me understand: https://dev.to/nicolus/laravel-sanctum-explained-spa-authentication-45g1

Here is my nginx config for this:

    server {
        server_name mynuxtsite.mytoploveldomain.com;
        listen 127.0.0.1:80;
        location / {
            # Forward everything to the Nuxt server
            proxy_pass            http://localhost:3000;
            proxy_set_header      Host             $host;
            proxy_set_header      X-Real-IP        $remote_addr;
            proxy_set_header      X-Forwarded-For  $proxy_add_x_forwarded_for;
            # Hardcoded value, not the result of a client-certificate check
            proxy_set_header      X-Client-Verify  SUCCESS;
            proxy_set_header      X-Client-DN      $ssl_client_s_dn;
            proxy_set_header      X-SSL-Subject    $ssl_client_s_dn;
            proxy_set_header      X-SSL-Issuer     $ssl_client_i_dn;
            proxy_read_timeout    1800;
            proxy_connect_timeout 1800;
            chunked_transfer_encoding on;
            proxy_set_header      X-NginX-Proxy    true;
            # Allow WebSocket upgrades through the proxy
            proxy_set_header      Upgrade          $http_upgrade;
            proxy_set_header      Connection       "upgrade";
            proxy_http_version    1.1;
            proxy_redirect        off;
            proxy_buffering       off;
        }
    }

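
Why the localhost setup lost the cookies and the same-domain setup keeps them, as an added example that is not part of the thread or of auth-module: a simplified model of the browser's `Domain` check from RFC 6265. The hostnames `app.indivisible.test` and `api.indivisible.test` and the cookie value are constructed for illustration.

```javascript
// Added example: simplified model of RFC 6265 Domain handling (no public-suffix
// list, no IP-address special case). Hostnames and cookie value are constructed.

// Section 5.1.3: a host domain-matches if it is identical or a subdomain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

// Model of what the browser does with one Set-Cookie header received in a
// response from `responseHost`. Returns the stored cookie, or null if ignored.
function storeCookie(responseHost, setCookie) {
  const [pair, ...attrs] = setCookie.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null;
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    domain: responseHost.toLowerCase(),
    hostOnly: true, // no Domain attribute: cookie is bound to the exact host
  };
  for (const attr of attrs) {
    const [key, val = ''] = attr.split('=').map((s) => s.trim());
    if (key.toLowerCase() !== 'domain' || val === '') continue;
    const domain = val.replace(/^\./, '').toLowerCase(); // leading dot is ignored
    // Section 5.3 step 6: a Domain the response host does not match is rejected.
    if (!domainMatch(responseHost, domain)) return null;
    cookie.domain = domain;
    cookie.hostOnly = false;
  }
  return cookie;
}

// Would the browser attach this stored cookie to a request for `requestHost`?
function sentTo(cookie, requestHost) {
  if (cookie === null) return false;
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

const header = 'XSRF-TOKEN=constructed-token; Domain=.indivisible.test; Path=/';
// Setup from the issue: the browser talks to localhost, proxy relays Set-Cookie.
const viaLocalhost = storeCookie('localhost', header);
// Setup after the fix: Nuxt is served from a host under indivisible.test.
const viaSubdomain = storeCookie('app.indivisible.test', header);

console.log('localhost stores cookie:', viaLocalhost !== null); // false
console.log('sent to API:', sentTo(viaSubdomain, 'api.indivisible.test')); // true
```
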
T-Zahil commented 2 years ago

Thanks a lot @vwasteels!

bmulholland commented 2 years ago

Looks like this was resolved by fixing the Laravel hosting setup, so closing it out.

jerickcm commented 2 years ago

I'm facing the same issue in my local development. Can anyone help me with this?